Meeting Log - 2007-09-27
mmcgrath at redhat.com
Thu Sep 27 20:47:00 UTC 2007
2007-09-27T13:54:22 *** mmcgrath changes topic to "Infrastructure --
2007-09-27T13:54:37 * mmcgrath notes jeremy and warren are about to drop
2007-09-27T13:54:50 <warren> drop?
2007-09-27T13:55:07 <lmacken> heheh
2007-09-27T13:55:09 * couf listens in
2007-09-27T13:55:25 * jeremy is here
2007-09-27T13:55:27 <warren> oh you're doing it on asterisk?
2007-09-27T13:55:30 <mmcgrath> abadger1999: dgilmore: f13 jeremy
lmacken mbonnet paulobanon jima: ping
2007-09-27T13:55:32 <warren> I odn't have my headset today =(
2007-09-27T13:55:43 <abadger1999> pong
2007-09-27T13:55:46 <jima> oops
2007-09-27T13:55:49 <jima> hey folks :)
2007-09-27T13:55:53 <mmcgrath> warren: nope, its just that every
meeting you and jeremy seem to drop within seconds of me changing the
topic. Its happened for the last 4 or 5 meetings.
2007-09-27T13:55:53 <f13> mmcgrath: I'm not really here, leaving shortly
2007-09-27T13:56:00 <mmcgrath> f13: k.
2007-09-27T13:56:13 <mmcgrath> skvidal: ping
2007-09-27T13:56:15 <warren> mmcgrath, I wonder if something in IRC
causes the proxy to crash
2007-09-27T13:56:17 * lmacken is here
2007-09-27T13:56:30 * skvidal is here
2007-09-27T13:56:38 <skvidal> when do jeremy and warren drop off?
2007-09-27T13:56:50 <mmcgrath> skvidal: almost every meeting right
after we start.
2007-09-27T13:56:52 <lmacken> i think this was the first week it hasn't
2007-09-27T13:57:01 <warren> mmcgrath, how many weeks in a row?
2007-09-27T13:57:02 <mmcgrath> its very amusing.
2007-09-27T13:57:10 <skvidal> at least a couple of months
2007-09-27T13:57:13 <warren> wow
2007-09-27T13:57:14 <mmcgrath> warren: many, I'm not sure the exact number.
2007-09-27T13:57:29 <skvidal> it became a running gag
2007-09-27T13:57:30 <mmcgrath> we always laugh at it but you two
probably don't see it because you're off :)
2007-09-27T13:57:34 <warren> mmcgrath, perhaps our network has a hiccup
every week at the same time
2007-09-27T13:57:44 <skvidal> warren: it's a bit uncanny, though.
2007-09-27T13:57:49 <mmcgrath> maybe a clear xlate or something.
alrighty, lets get going.
2007-09-27T13:57:51 <jeremy> I got a core file out of dircproxy, but it
was basically garbage
2007-09-27T13:57:56 <warren> ah!
2007-09-27T13:58:01 <warren> jeremy, I use dircproxy to
2007-09-27T13:58:02 <warren> too
2007-09-27T13:58:11 <lmacken> our meetings have found an exploit!
2007-09-27T13:58:14 * dgilmore is here
2007-09-27T13:58:19 *** mmcgrath changes topic to "Infrastructure --
2007-09-27T13:58:34 <mmcgrath> .tiny
2007-09-27T13:58:40 <mmcgrathbot> mmcgrath: http://tinyurl.com/yth34b
2007-09-27T13:59:03 <dgilmore> mmcgrathbot: they just dont like you ;)
2007-09-27T13:59:06 <mmcgrath> .title
2007-09-27T13:59:08 <mmcgrathbot> mmcgrath: #154 (DNS) - Fedora
Infrastructure - Trac
2007-09-27T13:59:10 <mmcgrath> could be :)
2007-09-27T13:59:42 <mmcgrath> So the first ticket about DNS stuff is
on going. I've got the ttl for fedoraproject.org set to 60 seconds
right now. It seems fairly responsive. I've been able to direct
traffic to the tummy site or PHX site pretty much at will.
2007-09-27T14:00:13 <mmcgrath> We've been balancing between the two for
the last week or so without issue.
2007-09-27T14:00:28 <mmcgrath> The last two pieces of that are to get
the rest of the hosts on the VPN and setup our secondary VPN site.
2007-09-27T14:00:29 <jima> cool
2007-09-27T14:01:01 <mmcgrath> basically we're going to have two vpn
servers one in PHX one, as a backup, elsewhere. If one fails, the
others will automatically connect to the other one within 20 seconds.
2007-09-27T14:01:24 <mmcgrath> I'm going to see what problems that will
cause, like will TCP be interupted/ etc.
2007-09-27T14:01:31 <jima> any idea where "elsewhere" will be?
2007-09-27T14:01:31 <mmcgrath> any questions comments on that before we
2007-09-27T14:02:01 <mmcgrath> jima: initially it will be at the denver
colo with tummy.com though I'll be moving it somewhere else if we get
some space for it.
2007-09-27T14:02:10 * mmcgrath notes -
2007-09-27T14:02:22 <mmcgrath> Ok, next ticket.
2007-09-27T14:02:30 *** ricky has joined #fedora-meeting
2007-09-27T14:02:35 * ricky is here now.
2007-09-27T14:02:38 <mmcgrath> .title
2007-09-27T14:02:40 <mmcgrathbot> mmcgrath: #170 (Hosting respins) -
Fedora Infrastructure - Trac
2007-09-27T14:02:48 <mmcgrath> ricky: yo
2007-09-27T14:03:20 <mmcgrath> So I think there's been some
miscommunication or me just not paying attention to whats going on with
the respins. We've been talking about it a bit on f-a-b.
2007-09-27T14:03:20 <dgilmore> mmcgrath: do we have space for hosting
2007-09-27T14:03:24 <jima> mmcgrath: careful, that map is a tad bit
2007-09-27T14:03:28 <lmacken> has anyone looked at wevisor, and what it
2007-09-27T14:03:28 *** JSchmitt has quit IRC
2007-09-27T14:04:11 <mmcgrath> dgilmore: we have spce for hosting
*some* space now - 242G 123G 107G 54% /srv
2007-09-27T14:04:13 <abadger1999> lmacken: wevisor needs some work.
The RH interns left and it's been stalled.
2007-09-27T14:04:23 <mmcgrath> I'm working to aquire much more space in
the 1T range.
2007-09-27T14:04:24 <abadger1999> lmacken: Otherwise, its mostly done.
2007-09-27T14:04:42 <VileGent> fyi fedora unity has respins to go now
2007-09-27T14:04:44 *** LetoTo has left #fedora-meeting
2007-09-27T14:04:48 <mmcgrath> jeremy: is this a releng thing only or
is this something infrastructure could or should be helping out with?
2007-09-27T14:05:07 <dgilmore> mmcgrath: can that grow?
2007-09-27T14:05:11 <mmcgrath> I get emails from time to time about it
and the whole process is a bit murky in my mind.
2007-09-27T14:05:17 <abadger1999> lmacken: It's current goal, though is
just to get you a kickstart file. You still have to pass the kickstart
through pungi and other tools to get a spin out.
2007-09-27T14:05:29 <lmacken> abadger1999: ah, gotcha.
2007-09-27T14:05:30 <dgilmore> mmcgrath: i dont want to see us get to
the point where we have to say sorry we cant host things anymore
2007-09-27T14:05:33 <mmcgrath> dgilmore: the 1T server or the 242G we have?
2007-09-27T14:05:50 <dgilmore> mmcgrath: well for future needs?
2007-09-27T14:06:01 <mmcgrath> dgilmore: I say we do a trial (we talked
about it a bit on FAB) with first come first surve until we get a more
2007-09-27T14:06:01 <dgilmore> i know its not accurate but really both
2007-09-27T14:06:03 <nirik> could jigdo help here?
2007-09-27T14:06:50 <dgilmore> mmcgrath: ok. as long as we
2007-09-27T14:07:25 <mmcgrath> nirik: does anyone really use jigdo
though? - http://www.google.com/trends?q=jigdo%2C+bittorrent
2007-09-27T14:07:32 <mmcgrath> jeremy: ?
2007-09-27T14:07:42 <nirik> debian does a lot.
2007-09-27T14:07:45 <jeremy> mmcgrath: infrastructure definitely could
help. there are more people really workin gon infrastructure than rel-eng
2007-09-27T14:07:56 <jeremy> nirik: jigdo can't help with live images
2007-09-27T14:08:02 <EvilBob> People don't use jigdo because it is not
offered as an atractive option
2007-09-27T14:08:04 <jeremy> nirik: which are the "interesting" things
to provide really
2007-09-27T14:08:15 <VileGent> jeremy, ??
2007-09-27T14:08:16 <nirik> yeah, I guess thats true. ;(
2007-09-27T14:08:36 <VileGent> nm
2007-09-27T14:08:42 <mmcgrath> jeremy: so my concern here is to make
sure that this process doesn't rely soley on just you and jesse (you all
have enough to worry about with the official spins)
2007-09-27T14:08:44 <EvilBob> people sit an leach off of BT and act
like they are doing the world a service by capping their upstream
2007-09-27T14:08:53 <nirik> since the livecd is already installed
image, it can't get a jigdo template to get packages from different
2007-09-27T14:08:57 <mmcgrath> Is there things we can do now or in the
next couple of weeks?
2007-09-27T14:09:00 <jeremy> nirik: correct
2007-09-27T14:09:01 <mmcgrath> s/Is/Are/
2007-09-27T14:09:19 <jeremy> mmcgrath: it's something that we could do
to get more people involved with rel-eng, though. and in a pretty easy way
2007-09-27T14:09:48 <jeremy> mmcgrath: to be honest, even if it's right
now still just me doing the extra spins, I'd still like to get the
infrastructure in place (and have been meaning to send a mail for, oh,
six weeks now but haven't gotten around to it)
2007-09-27T14:09:50 <mmcgrath> we do have a sysadmin-torrent group
already for building torrents. We could delegate some of that to rel-eng.
2007-09-27T14:10:15 <jeremy> mmcgrath: I might say introduce a new
spinmaster group or some such. plus, that sounds cool :)
2007-09-27T14:10:19 <mmcgrath> My main question is actually building
the images from a ks and who can be trusted to do that?
2007-09-27T14:10:24 <mmcgrath> heh
2007-09-27T14:10:31 *** glezos has joined #fedora-meeting
2007-09-27T14:10:37 * glezos jumps in
2007-09-27T14:10:38 <dwmw2_gone> we should remember to seed the
trackers at http://www.sixxs.net/tools/tracker/ when we release
2007-09-27T14:11:00 <jima> dwmw2_gone: yeah, someone with ipv6 needs to
remember to do that ;)
2007-09-27T14:11:02 <jeremy> the big thing is that the config needs to
just be checked over -- you can have %post --nochroot, and it's running
as root, so ....
2007-09-27T14:11:16 * jima finds himself wishing, yet again, that he
had native ipv6.
2007-09-27T14:11:30 <dgilmore> jima: as do i
2007-09-27T14:11:35 <dwmw2_gone> jima: doesn't take much to arrange it
2007-09-27T14:11:48 <dwmw2_gone> just set up a tunnel from sixxs.net
2007-09-27T14:11:49 <jeremy> but as looking over and doing sign off of
the config is needed anyway, that shouldn't be a big deal
2007-09-27T14:11:50 <jima> dwmw2_gone: i did say "native" :P
2007-09-27T14:11:50 <mmcgrath> dwmw2_gone: add that to -
http://fedoraproject.org/wiki/Infrastructure/SOP/Release if you get a moment
2007-09-27T14:12:01 <dwmw2_gone> mmcgrath: will do
2007-09-27T14:12:08 <dgilmore> dwmw2_gone: i have a tunnel. just not
native support from my isp
2007-09-27T14:12:10 <mmcgrath> jeremy: Do we have any place on the wiki
for this stuff or should I create one?
2007-09-27T14:12:36 * jima has numerous tunnels
2007-09-27T14:12:43 <dwmw2_gone> jima: even I don't have "native" at
the moment -- I have a tunnel from my ISP. The ISP does support native
IPv6 on PPP on the DSL, but I'm temporarily using a non-Linux box as a
router (since I blew up the USB ports on my telephone exchange/router)
2007-09-27T14:12:45 <jeremy> mmcgrath: no place at the moment... if
you want to start one, I can help flesh it out
2007-09-27T14:13:06 <mmcgrath> jeremy: k, I'll get some initial stuff
setup. Including the spins.fp.o site.
2007-09-27T14:13:23 <jima> dwmw2_gone: even a tunnel from your
immediate upstream isp is better than from halfway across the internet :(
2007-09-27T14:13:28 <dwmw2_gone> mmcgrath: or on the TorrentRelease
page which that page refers to?
2007-09-27T14:13:30 <jeremy> mmcgrath: sounds good. and hopefully the
board will agree with us :-)
2007-09-27T14:13:33 <mmcgrath> jeremy: the other question is who should
approve secondary spins. I think FESCo would be good for that but some
think board. What do you think?
2007-09-27T14:13:33 <dwmw2_gone> oh. The TorrentRelease page doesn't exist
2007-09-27T14:13:43 <f13> why not rel-eng itself?
2007-09-27T14:14:00 <jeremy> mmcgrath: it's trademark guidelines. the
board can delegate if they want, but ultimately, control of the
trademark rests with the board at the moment
2007-09-27T14:14:02 <f13> there are already guidelines, releng (who
knows how to validate this stuff) could just once over and make sure
things are being done right.
2007-09-27T14:14:09 <f13> or that.
2007-09-27T14:14:13 <EvilBob> rel-eng +1
2007-09-27T14:15:03 <mmcgrath> so a two part approval? releng says
this is technically ready and the board says "give it our trademark" ?
2007-09-27T14:15:06 <dgilmore> mmcgrath: right now the board due to
what jeremy said
2007-09-27T14:15:18 <dgilmore> mmcgrath: yup
2007-09-27T14:15:25 <mmcgrath> f13: that sound reasonable to you?
2007-09-27T14:16:38 *** bklemm has joined #fedora-meeting
2007-09-27T14:17:12 <mmcgrath> Ok, we'll just go with that for now. it
will likely take some time before this completely gets flushed out
anyway. I'll start an initial page and point rahul at it with the
exception that he be patient as we're still working it out.
2007-09-27T14:17:19 <mmcgrath> Anyone else have anything to discuss on
2007-09-27T14:17:58 <jeremy> thanks for jumping in and doing some quick
thinking on it
2007-09-27T14:18:42 <dwmw2_gone> mmcgrath:
2007-09-27T14:18:46 <f13> mmcgrath: seems fine to me.
2007-09-27T14:18:59 <mmcgrath> solid.
2007-09-27T14:19:04 * mmcgrath is glad to get moving on that.
2007-09-27T14:19:37 <mmcgrath> Ok, on to the next topic
2007-09-27T14:19:45 *** mmcgrath changes topic to "Infrastructure --
Schedule - http://fedoraproject.org/wiki/Infrastructure/Schedule"
2007-09-27T14:20:18 <mmcgrath> Corporate Sponsorship. We're getting
some more interest in this but no new sponsors this week.
2007-09-27T14:20:40 <mmcgrath> I've been asking for some collaboration
servers to host dedicated instances of gobby, pastebins, asterisk and a
few other things we use to work together.
2007-09-27T14:21:02 <mmcgrath> I'm looking for a 1T torrent server both
as an upgrade to our current server and because the current torrent is
2007-09-27T14:21:03 <lmacken> sweet
2007-09-27T14:21:18 <mmcgrath> I've also been pushing to find a new
hosting server with about 1T of storage and onsite backup.
2007-09-27T14:21:45 <f13> nice
2007-09-27T14:21:47 <mmcgrath> I figure if we can get that setup and
keep an off site backup in PHX hosted will be a very viable and
attractive solution when combined with the Fedoraverse.
2007-09-27T14:22:00 <f13> mmcgrath: what ever happened to the blade
2007-09-27T14:22:17 <mmcgrath> f13: the last thing I heard from Jay
Madison was "we'll tell you when we hear more"
2007-09-27T14:22:29 <mmcgrath> We're quickly coming up on a year of
that thing just sitting on the floor.
2007-09-27T14:22:45 <jima> how big is it?
2007-09-27T14:22:58 <mmcgrath> jima: I think its more the power thats
the problem, not the height.
2007-09-27T14:23:01 * mmcgrath digs up last email
2007-09-27T14:24:22 <jeremy> jima: it's a bladecenter. they're 14U iirc
2007-09-27T14:24:44 <jima> jeremy: i don't know bladecenters; that
second part helps. ;)
2007-09-27T14:24:55 <jeremy> (but my RC may well not be... waaaayy too
much rattling around in my head today :)
2007-09-27T14:25:28 <mmcgrath> f13: yeah, last email I got was on
9/04/07 that said "none yet, standby please. We'll let you know when we
have everything with this sorted out. "
2007-09-27T14:25:42 <mmcgrath> So thats the latest.
2007-09-27T14:26:17 <mmcgrath> So anyway, thats the latest on corporate
sponsorship, any questions before moving on?
2007-09-27T14:27:04 <mmcgrath> The next item on the schedule is
architecture documentation. I've added a few bits to -
2007-09-27T14:27:06 <jeremy> jima: whoops. 7U, 14 blades.
2007-09-27T14:27:09 <mmcgrath> I haven't updated the wiki yet.
2007-09-27T14:27:18 <mmcgrath> jeremy: there you go, that sounds better :)
2007-09-27T14:27:29 <dgilmore> 20amps :)
2007-09-27T14:27:38 <jima> 20amps. hmm.
2007-09-27T14:27:42 <dgilmore> actually 25 i think
2007-09-27T14:27:50 <jeremy> also serves as a space heater for the winter
2007-09-27T14:27:51 <jima> 25 makes it a bit trickier :P
2007-09-27T14:28:02 <dgilmore> would need to double check
2007-09-27T14:28:11 <dgilmore> its 20 or 25
2007-09-27T14:28:24 <mmcgrath> ricky: I've added that image to point to
a proper location :)
2007-09-27T14:29:04 <mmcgrath> Next item - SOP's -
2007-09-27T14:29:17 <mmcgrath> I think lmacken's sop about bodhi is the
only new one.
2007-09-27T14:29:18 <mmcgrath> thanks lmacken
2007-09-27T14:29:21 <lmacken> no prob
2007-09-27T14:29:25 <ricky> mmcgrath: Ah, thanks :)
2007-09-27T14:29:36 <lmacken> the data was already on bodhi's wiki.. i
just pointed to it :)
2007-09-27T14:29:56 <mmcgrath> And as far as new sponsorship goes, no
new sponsors this week though kyriakos_ has been working on learning the
2007-09-27T14:30:11 <mmcgrath> a bold move :)
2007-09-27T14:31:00 <jima> heh
2007-09-27T14:31:40 <mmcgrath> Ok, so thats all I've got. I'll open
2007-09-27T14:31:45 *** mmcgrath changes topic to "Infrastructure --
2007-09-27T14:31:50 <mmcgrath> anyone have anything to dicsuss?
2007-09-27T14:32:08 <lmacken> I'm going to be working with dan walsh at
some point soon to resolve our SELinux "situation"
2007-09-27T14:32:40 <mmcgrath> lmacken: thanks. I'm fine with using
SELinux but we need to have a valid way to manage it and deploy with puppet.
2007-09-27T14:32:51 <lmacken> so if you've had any gripes /concerns
with selinux in our infrastructure, please let me know so we can address it
2007-09-27T14:33:00 <lmacken> mmcgrath: ok
2007-09-27T14:33:01 <mmcgrath> skvidal: ?
2007-09-27T14:33:03 <mmcgrath> :-P
2007-09-27T14:33:25 *** rdieter has quit IRC
2007-09-27T14:33:25 <skvidal> sorry
2007-09-27T14:33:27 <skvidal> one sec
2007-09-27T14:33:38 <skvidal> what is our 'selinux situation'
2007-09-27T14:33:45 <skvidal> define it
2007-09-27T14:33:48 <mmcgrath> skvidal: just that we don't use it.
2007-09-27T14:33:51 <lmacken> yes.
2007-09-27T14:33:59 <skvidal> uh huh....
2007-09-27T14:34:07 <skvidal> lmacken: here's what I have to say and
people can be pissed at me
2007-09-27T14:34:09 <mmcgrath> and it'd be good for Fedora if we did
2007-09-27T14:34:32 <lmacken> mmcgrath: ourselves too.. in that it
would have helped mitigate some issues in the past
2007-09-27T14:34:39 <skvidal> If you break a server "fixing" selinux
I'm going to be angry :)
2007-09-27T14:34:54 <mmcgrath> welllllll, mitigate==completely hide in
the last case.
2007-09-27T14:35:16 <mmcgrath> I go back and forth about selinux, I'm
rarely in the middle about it but I'm willing to give it a shot.
2007-09-27T14:35:18 <f13> lets start with permissive and work from there.
2007-09-27T14:35:25 <lmacken> mmcgrath: yeah.. but those are the two
biggest concerns we're faced with that we need to resolve: 1) shit
doesn't break 2) we know about selinux violations
2007-09-27T14:35:26 <f13> that's sufficiently middle.
2007-09-27T14:35:33 <skvidal> let's start with a justification for why
we need it on
2007-09-27T14:35:35 <skvidal> then work from there
2007-09-27T14:35:39 <f13> we can see the denials and yell at people
about them, but it wont' actually stop us from doing anything.
2007-09-27T14:35:47 <mmcgrath> skvidal: it would add security and thats
a good thing.
2007-09-27T14:36:00 <skvidal> mmcgrath: I have a lot of questions about
the net win we get from it
2007-09-27T14:36:02 <jima> mmcgrath: [tm]
2007-09-27T14:36:26 <skvidal> in much the same way I'm illconvinced of
how things like mugshot are obviously beneficial - but then most people
call me a stick-in-the-mud
2007-09-27T14:36:42 <dgilmore> skvidal: your an old fuddy duddy
2007-09-27T14:36:45 <dgilmore> but so am i
2007-09-27T14:36:56 <mmcgrath> skvidal: I agree with you on it. But
having said that selinux has changed a lot since I last started looking
2007-09-27T14:37:02 <jima> geez, all you fogeys
2007-09-27T14:37:06 <mmcgrath> I'm willing to give it a second shot,
especially if its not me doing the work :)
2007-09-27T14:37:20 *** tibbs has quit IRC
2007-09-27T14:37:23 <jeremy> skvidal: stick-in-the-mud
2007-09-27T14:37:36 <mmcgrath> lmacken: if you and dan come back with
some 20 step process we have to follow every time we change a config...
we'll probably not use it.
2007-09-27T14:37:45 <mmcgrath> but if you can make it dead simple, I'm
2007-09-27T14:37:49 <lmacken> mmcgrath: understandable.. the point is
to make it Just Work with our setup.
2007-09-27T14:38:03 <dgilmore> lmacken: selinux needs alot of work to
work with mock/koji/plague
2007-09-27T14:38:07 <f13> which may be hard, as Ii'm sure we color
outside the lines a bit.
2007-09-27T14:38:14 <mmcgrath> lmacken: work closely with dan on it and
we'll start with permissive mode.
2007-09-27T14:38:16 <f13> ya know, /srv/ and all
2007-09-27T14:38:21 <lmacken> mmcgrath: sounds good
2007-09-27T14:38:27 <f13> I'm not terribly interested in spending a ton
of time rewriting policy
2007-09-27T14:38:36 <dgilmore> mmcgrath: i usually just put the boxes
in permissive mode
2007-09-27T14:38:42 *** GeroldKa has joined #fedora-meeting
2007-09-27T14:38:44 *** fabian_a has joined #fedora-meeting
2007-09-27T14:39:00 <skvidal> lmacken: and make no modifications to
2007-09-27T14:39:15 <lmacken> skvidal: definitely won't until we have a
2007-09-27T14:39:42 <mmcgrath> lmacken: yeah, come up with a full plan
and send it to the list before we get started. starting on the xen
dom0's would probably be a good place to start.
2007-09-27T14:39:52 <lmacken> mmcgrath: will do
2007-09-27T14:40:11 <mmcgrath> Ok, if no one has anything else we'll
2007-09-27T14:40:22 * dgilmore has nothing
2007-09-27T14:40:44 <mmcgrath> ok, we'll close in 30
2007-09-27T14:40:49 *** kital has quit IRC
2007-09-27T14:41:00 <mmcgrath> 15
2007-09-27T14:41:11 <mmcgrath> 5
2007-09-27T14:41:18 *** mmcgrath changes topic to "Infrastructure --
More information about the Fedora-infrastructure-list